Security News

June 15, 2024

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

This post was originally published on this siteA 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy. A still frame from a video released by the Spanish national police shows Tylerb in custody at the airport. “He stands accused of hacking into […]
June 11, 2024

Patch Tuesday, June 2024 “Recall” Edition

This post was originally published on this siteMicrosoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default. Last month, Microsoft debuted Copilot+ PCs, an AI-enabled version of Windows. Copilot+ ships with a feature nobody asked for that Redmond has aptly dubbed Recall, […]
May 30, 2024

‘Operation Endgame’ Hits Malware Delivery Platforms

This post was originally published on this siteLaw enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot. A frame from one of three animated videos released today in connection with Operation Endgame. Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed […]
May 29, 2024

Is Your Computer Part of ‘The Largest Botnet Ever?’

This post was originally published on this siteThe U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. The Cloud Router homepage, which was seized by the FBI this past weekend. Cloud Router was […]
May 28, 2024

Treasury Sanctions Creators of 911 S5 Proxy Botnet

This post was originally published on this siteThe U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. The 911 S5 botnet-powered proxy service, circa July 2022. From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows […]
May 23, 2024

Stark Industries Solutions: An Iron Hammer in the Cloud

This post was originally published on this site The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. At least a dozen patriotic Russian hacking groups have been launching DDoS attacks since the start […]
May 21, 2024

Why Your Wi-Fi Router Doubles as an Apple AirTag

This post was originally published on this site Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue […]
May 14, 2024

Patch Tuesday, May 2024 Edition

This post was originally published on this siteMicrosoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker. […]
May 13, 2024

How Did Authorities Identify the Alleged Lockbit Boss?

This post was originally published on this siteLast week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. Dmitry Yuryevich Khoroshev. Image: On May […]
May 7, 2024

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

This post was originally published on this siteThe United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Image: U.K. National Crime Agency. Khoroshev (Дмитрий Юрьевич Хорошев), a resident of Voronezh, Russia, was charged in a 26-count indictment by a grand jury in New Jersey. “Dmitry Khoroshev conceived, developed, and administered Lockbit, the most […]
May 6, 2024

Why Your VPN May Not Be As Secure As It Claims

This post was originally published on this siteVirtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. Image: Shutterstock. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. […]
April 30, 2024

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

This post was originally published on this siteA 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online. Ransom_man announced on the dark […]
April 29, 2024

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

This post was originally published on this siteThe U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law. The FCC said it found the carriers each sold access to its […]
April 22, 2024

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

This post was originally published on this siteThe head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps. A now-defunct carding shop that sold stolen credit cards and invoked 45’s likeness and name. […]
April 16, 2024

Who Stole 3.6M Tax Records from South Carolina?

This post was originally published on this site For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like Home Depot and Target in the years that followed. Questions about […]
April 15, 2024

Crickets from Chirp Systems in Smart Lock Key Leak

This post was originally published on this siteThe U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with “low attack […]
April 11, 2024

Why CISA is Warning CISOs About a Breach at Sisense

This post was originally published on this siteThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and […]
April 10, 2024

Twitter’s Clumsy Pivot to Is a Gift to Phishers

This post was originally published on this siteOn April 9, Twitter/X began automatically modifying links that mention “” to read “” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as in tweets. The message displayed when one visits, which Twitter/X displayed as in tweets and messages. A search at shows at least 60 domain names have been registered over the past two days for domains ending in […]
April 9, 2024

April’s Patch Tuesday Brings Record Number of Fixes

This post was originally published on this siteIf only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software. Yes, you read that right. Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure […]
April 4, 2024

Fake Lawsuit Threat Exposes Privnote Phishing Sites

This post was originally published on this siteA cybercrook who has been setting up websites that mimic the self-destructing message service accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. The real Privnote, at Launched in 2008, employs technology that encrypts each message so that even Privnote itself cannot read its contents. […]
April 3, 2024

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

This post was originally published on this siteRoughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that […]
March 28, 2024

Thread Hijacking: Phishes That Prey on Your Curiosity

This post was originally published on this siteThread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. In Sept. 2023, the Pennsylvania news outlet published a story about […]
March 26, 2024

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

This post was originally published on this siteSeveral Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is […]
March 22, 2024

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

This post was originally published on this siteThe nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Mozilla Monitor. Image Mozilla Monitor Plus video on Youtube. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a […]
March 20, 2024

The Not-so-True People-Search Network from China

This post was originally published on this siteIt’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities. Responding to a reader inquiry concerning the trustworthiness of a site called TruePeopleSearch[.]net, KrebsOnSecurity began poking around. The site offers to sell a report containing photos, […]